| 2019-08-23 18:12:09 |
Connor Kuehl |
bug |
|
|
added bug |
| 2019-08-23 18:12:20 |
Connor Kuehl |
nominated for series |
|
Ubuntu Bionic |
|
| 2019-08-23 18:12:20 |
Connor Kuehl |
bug task added |
|
linux (Ubuntu Bionic) |
|
| 2019-08-23 18:12:26 |
Connor Kuehl |
linux (Ubuntu): status |
New |
Invalid |
|
| 2019-08-23 18:12:32 |
Connor Kuehl |
linux (Ubuntu Bionic): status |
New |
In Progress |
|
| 2019-08-23 18:12:34 |
Connor Kuehl |
linux (Ubuntu Bionic): importance |
Undecided |
Medium |
|
| 2019-08-23 18:12:36 |
Connor Kuehl |
linux (Ubuntu Bionic): assignee |
|
Connor Kuehl (connork) |
|
| 2019-08-23 18:19:13 |
Connor Kuehl |
description |
[Impact]
Ubuntu commit aae817ffb114 "crypto: testmgr - add AES-CFB tests" added new test cases to the crypto self-tests. This patch is referring to structure members that don't exist in Bionic because the large mainline clean up patch 92a4c9fef34c crypto: "testmgr - eliminate redundant decryption test vectors" has not been backported.
As a result, Bionic will fail to build if the crypto self tests are enabled in the kernel config. This build failure was noticed when building a derivative kernel.
This mainline patch is a massive refactoring, complete with the updated structure definitions that will resolve the build failure:
92a4c9fef34c "crypto: testmgr - eliminate redundant decryption test vectors"
Furthermore, once the pre-requisite patch is backported, the CFB module also needs to be backported as the new tests added by Ubuntu commit aae817ffb114 "crypto: testmgr - add AES-CFB tests" will attempt to load that module at runtime to execute its tests.
[Test Case]
On a Bionic kernel, ensure "CONFIG_CRYPTO_MANAGER_DISABLE_TESTS" is NOT set and ensure you have the patch in your tree (master-next should have it as of this writing it has not been reverted).
To disable that config option, edit debian.master/config/config.common.ubuntu and delete the line that reads "CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y" then update the configs with "fakeroot debian/rules updateconfigs"
Build the kernel.
Expected result: crypto/testmgr.o is built successfully and so is the rest of the kernel for your build.
Actual result: crypto/testmgr.o fails to build with several errors related to data members of a structure that don't exist yet. Like this:
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16148:4: error: 'const struct cipher_testvec' has no member named 'ptext'
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
^~~~~
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16156:4: error: 'const struct cipher_testvec' has no member named 'ctext'
.ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
^~~~~
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16164:4: error: 'const struct cipher_testvec' has no member named 'len'; did you mean 'klen'?
.len = 64,
[Testing]
After backporting the pre-requisite refactor patch and the CFB module that the new tests depend on, I compiled and booted into the kernel and ran the Crypto test suite by loading the "tcrypt" module. I compared the test suite results with a Bionic kernel that does NOT have this backport and confirmed they both emitted the same test results from the crypto self tests:
[ 15.536400] alg: hash: Failed to load transform for hmac(crc32): -2
[ 15.552214] alg: cprng: Failed to load transform for ansi_cprng: -2
[ 15.590773] tcrypt: one or more tests failed!
No new test failures have been added as a result of this backport.
[Regression Potential]
There is a chance for breakage within the test suite because the primary patch that resolves this build failure, 92a4c9fef34c "crypto: testmgr - eliminate redundant decryption test vectors" is not practical to review.
However, this backport was accomplished with the very same awk script supplied by the original patch author and the results between one kernel and a modified kernel are consistent. |
[Impact]
Ubuntu commit aae817ffb114 "crypto: testmgr - add AES-CFB tests" added new test cases to the crypto self-tests. This patch is referring to structure members that don't exist in Bionic because the large mainline clean up patch 92a4c9fef34c crypto: "testmgr - eliminate redundant decryption test vectors" has not been backported.
As a result, Bionic will fail to build if the crypto self tests are enabled in the kernel config. This build failure was noticed when building a derivative kernel.
This mainline patch is a massive refactoring, complete with the updated structure definitions that will resolve the build failure:
92a4c9fef34c "crypto: testmgr - eliminate redundant decryption test vectors"
Furthermore, once the pre-requisite patch is backported, the CFB module also needs to be backported as the new tests added by Ubuntu commit aae817ffb114 "crypto: testmgr - add AES-CFB tests" will attempt to load that module at runtime to execute its tests.
The primary argument for the inclusion of this backport would be that we would not have to amend future crypto test case additions as they come in via stable update sync to use the "older" code structure.
[Test Case]
On a Bionic kernel, ensure "CONFIG_CRYPTO_MANAGER_DISABLE_TESTS" is NOT set and ensure you have the patch in your tree (master-next should have it as of this writing it has not been reverted).
To disable that config option, edit debian.master/config/config.common.ubuntu and delete the line that reads "CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y" then update the configs with "fakeroot debian/rules updateconfigs"
Build the kernel.
Expected result: crypto/testmgr.o is built successfully and so is the rest of the kernel for your build.
Actual result: crypto/testmgr.o fails to build with several errors related to data members of a structure that don't exist yet. Like this:
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16148:4: error: 'const struct cipher_testvec' has no member named 'ptext'
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
^~~~~
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16156:4: error: 'const struct cipher_testvec' has no member named 'ctext'
.ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
^~~~~
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16164:4: error: 'const struct cipher_testvec' has no member named 'len'; did you mean 'klen'?
.len = 64,
[Testing]
After backporting the pre-requisite refactor patch and the CFB module that the new tests depend on, I compiled and booted into the kernel and ran the Crypto test suite by loading the "tcrypt" module. I compared the test suite results with a Bionic kernel that does NOT have this backport and confirmed they both emitted the same test results from the crypto self tests:
[ 15.536400] alg: hash: Failed to load transform for hmac(crc32): -2
[ 15.552214] alg: cprng: Failed to load transform for ansi_cprng: -2
[ 15.590773] tcrypt: one or more tests failed!
No new test failures have been added as a result of this backport.
[Regression Potential]
There is a chance for breakage within the test suite because the primary patch that resolves this build failure, 92a4c9fef34c "crypto: testmgr - eliminate redundant decryption test vectors" is not practical to review.
However, this backport was accomplished with the very same awk script supplied by the original patch author and the results between one kernel and a modified kernel are consistent. |
|
| 2019-08-29 14:55:02 |
Connor Kuehl |
description |
[Impact]
Ubuntu commit aae817ffb114 "crypto: testmgr - add AES-CFB tests" added new test cases to the crypto self-tests. This patch is referring to structure members that don't exist in Bionic because the large mainline clean up patch 92a4c9fef34c crypto: "testmgr - eliminate redundant decryption test vectors" has not been backported.
As a result, Bionic will fail to build if the crypto self tests are enabled in the kernel config. This build failure was noticed when building a derivative kernel.
This mainline patch is a massive refactoring, complete with the updated structure definitions that will resolve the build failure:
92a4c9fef34c "crypto: testmgr - eliminate redundant decryption test vectors"
Furthermore, once the pre-requisite patch is backported, the CFB module also needs to be backported as the new tests added by Ubuntu commit aae817ffb114 "crypto: testmgr - add AES-CFB tests" will attempt to load that module at runtime to execute its tests.
The primary argument for the inclusion of this backport would be that we would not have to amend future crypto test case additions as they come in via stable update sync to use the "older" code structure.
[Test Case]
On a Bionic kernel, ensure "CONFIG_CRYPTO_MANAGER_DISABLE_TESTS" is NOT set and ensure you have the patch in your tree (master-next should have it as of this writing it has not been reverted).
To disable that config option, edit debian.master/config/config.common.ubuntu and delete the line that reads "CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y" then update the configs with "fakeroot debian/rules updateconfigs"
Build the kernel.
Expected result: crypto/testmgr.o is built successfully and so is the rest of the kernel for your build.
Actual result: crypto/testmgr.o fails to build with several errors related to data members of a structure that don't exist yet. Like this:
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16148:4: error: 'const struct cipher_testvec' has no member named 'ptext'
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
^~~~~
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16156:4: error: 'const struct cipher_testvec' has no member named 'ctext'
.ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
^~~~~
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16164:4: error: 'const struct cipher_testvec' has no member named 'len'; did you mean 'klen'?
.len = 64,
[Testing]
After backporting the pre-requisite refactor patch and the CFB module that the new tests depend on, I compiled and booted into the kernel and ran the Crypto test suite by loading the "tcrypt" module. I compared the test suite results with a Bionic kernel that does NOT have this backport and confirmed they both emitted the same test results from the crypto self tests:
[ 15.536400] alg: hash: Failed to load transform for hmac(crc32): -2
[ 15.552214] alg: cprng: Failed to load transform for ansi_cprng: -2
[ 15.590773] tcrypt: one or more tests failed!
No new test failures have been added as a result of this backport.
[Regression Potential]
There is a chance for breakage within the test suite because the primary patch that resolves this build failure, 92a4c9fef34c "crypto: testmgr - eliminate redundant decryption test vectors" is not practical to review.
However, this backport was accomplished with the very same awk script supplied by the original patch author and the results between one kernel and a modified kernel are consistent. |
[Impact]
Ubuntu commit aae817ffb114 "crypto: testmgr - add AES-CFB tests" added new test cases to the crypto self-tests. This patch is referring to structure members that don't exist in Bionic because the large mainline clean up patch 92a4c9fef34c crypto: "testmgr - eliminate redundant decryption test vectors" has not been backported.
[Fix]
Revert Ubuntu commit aae817ffb114 "crypto: testmgr - add AES-CFB tests" as the backport is large and error prone. The backport will not be accepted at this time.
[Test Case]
On a Bionic kernel, ensure "CONFIG_CRYPTO_MANAGER_DISABLE_TESTS" is NOT set and ensure you have the patch in your tree (master-next should have it as of this writing it has not been reverted).
To disable that config option, edit debian.master/config/config.common.ubuntu and delete the line that reads "CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y" then update the configs with "fakeroot debian/rules updateconfigs"
Build the kernel.
Expected result: crypto/testmgr.o is built successfully and so is the rest of the kernel for your build.
Actual result: crypto/testmgr.o fails to build with several errors related to data members of a structure that don't exist yet. Like this:
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16148:4: error: 'const struct cipher_testvec' has no member named 'ptext'
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
^~~~~
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16156:4: error: 'const struct cipher_testvec' has no member named 'ctext'
.ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
^~~~~
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16164:4: error: 'const struct cipher_testvec' has no member named 'len'; did you mean 'klen'?
.len = 64,
[Regression Potential]
Very low. This reverts a patch that added crypto tests that do not compile. Furthermore, these tests rely on a module, CFB, which is loaded at run-time for the test suite. This module has not been added to the Bionic kernel, and so even if the tests DID compile, they would not be able to run.
Original SRU justification in favor of the backport follows:
-------------------------------------------------------------
[Impact]
Ubuntu commit aae817ffb114 "crypto: testmgr - add AES-CFB tests" added new test cases to the crypto self-tests. This patch is referring to structure members that don't exist in Bionic because the large mainline clean up patch 92a4c9fef34c crypto: "testmgr - eliminate redundant decryption test vectors" has not been backported.
As a result, Bionic will fail to build if the crypto self tests are enabled in the kernel config. This build failure was noticed when building a derivative kernel.
This mainline patch is a massive refactoring, complete with the updated structure definitions that will resolve the build failure:
92a4c9fef34c "crypto: testmgr - eliminate redundant decryption test vectors"
Furthermore, once the pre-requisite patch is backported, the CFB module also needs to be backported as the new tests added by Ubuntu commit aae817ffb114 "crypto: testmgr - add AES-CFB tests" will attempt to load that module at runtime to execute its tests.
The primary argument for the inclusion of this backport would be that we would not have to amend future crypto test case additions as they come in via stable update sync to use the "older" code structure.
[Test Case]
On a Bionic kernel, ensure "CONFIG_CRYPTO_MANAGER_DISABLE_TESTS" is NOT set and ensure you have the patch in your tree (master-next should have it as of this writing it has not been reverted).
To disable that config option, edit debian.master/config/config.common.ubuntu and delete the line that reads "CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y" then update the configs with "fakeroot debian/rules updateconfigs"
Build the kernel.
Expected result: crypto/testmgr.o is built successfully and so is the rest of the kernel for your build.
Actual result: crypto/testmgr.o fails to build with several errors related to data members of a structure that don't exist yet. Like this:
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16148:4: error: 'const struct cipher_testvec' has no member named 'ptext'
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
^~~~~
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16156:4: error: 'const struct cipher_testvec' has no member named 'ctext'
.ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
^~~~~
/tmp/kernel-connork-cb14cb8-q7j8/build/crypto/testmgr.h:16164:4: error: 'const struct cipher_testvec' has no member named 'len'; did you mean 'klen'?
.len = 64,
[Testing]
After backporting the pre-requisite refactor patch and the CFB module that the new tests depend on, I compiled and booted into the kernel and ran the Crypto test suite by loading the "tcrypt" module. I compared the test suite results with a Bionic kernel that does NOT have this backport and confirmed they both emitted the same test results from the crypto self tests:
[ 15.536400] alg: hash: Failed to load transform for hmac(crc32): -2
[ 15.552214] alg: cprng: Failed to load transform for ansi_cprng: -2
[ 15.590773] tcrypt: one or more tests failed!
No new test failures have been added as a result of this backport.
[Regression Potential]
There is a chance for breakage within the test suite because the primary patch that resolves this build failure, 92a4c9fef34c "crypto: testmgr - eliminate redundant decryption test vectors" is not practical to review.
However, this backport was accomplished with the very same awk script supplied by the original patch author and the results between one kernel and a modified kernel are consistent. |
|
| 2019-09-03 05:41:51 |
Khaled El Mously |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2019-09-11 15:12:53 |
Ubuntu Kernel Bot |
tags |
|
verification-needed-bionic |
|
| 2019-09-30 21:48:23 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2019-09-30 21:48:23 |
Launchpad Janitor |
cve linked |
|
2018-20976 |
|
